mikros/rust
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
rust/src/libstd/old_io/tempfile.rs

184 lines
6.4 KiB
Rust
Raw Normal View History

clean up tempfile module and rm FIXME This removes the FIXME suggesting that mkdtemp should rely on the default umask, because that would make it unusable for making a secure work area in a world writable directory (have to assume that other users have created files, directories, hard links, etc. in your directory). The POSIX mkdtemp function creates a directory with 700 permissions to avoid this problem.
2013-01-16 05:28:39 -05:00
// Copyright 2013 The Rust Project Developers. See the COPYRIGHT
Update license, add license boilerplate to most files. Remainder will follow.
2012-12-03 16:48:01 -08:00
// file at the top-level directory of this distribution and at
// http://rust-lang.org/COPYRIGHT.
//
// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
// http://www.apache.org/licenses/LICENSE-2.0> or the MIT license
// <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your
// option. This file may not be copied, modified, or distributed
// except according to those terms.
convert doc-attributes to doc-comments using ./src/etc/sugarise-doc-comments.py (and manually tweaking) - for issue #2498
2012-07-04 22:53:12 +01:00
//! Temporary files and directories
Deprecate in-tree `rand`, `std::rand` and `#[derive(Rand)]`. Use the crates.io crate `rand` (version 0.1 should be a drop in replacement for `std::rand`) and `rand_macros` (`#[derive_Rand]` should be a drop-in replacement). [breaking-change]
2015-02-03 20:11:38 +11:00
#![allow(deprecated)] // rand
std: add fs::mkdir(), rng.gen_str(), tempfile::mkdtemp() Signed-off-by: Elly Jones <elly@leptoquark.net>
2011-11-08 23:35:15 -05:00
std: Add a new `env` module This is an implementation of [RFC 578][rfc] which adds a new `std::env` module to replace most of the functionality in the current `std::os` module. More details can be found in the RFC itself, but as a summary the following methods have all been deprecated: [rfc]: https://github.com/rust-lang/rfcs/pull/578 * `os::args_as_bytes` => `env::args` * `os::args` => `env::args` * `os::consts` => `env::consts` * `os::dll_filename` => no replacement, use `env::consts` directly * `os::page_size` => `env::page_size` * `os::make_absolute` => use `env::current_dir` + `join` instead * `os::getcwd` => `env::current_dir` * `os::change_dir` => `env::set_current_dir` * `os::homedir` => `env::home_dir` * `os::tmpdir` => `env::temp_dir` * `os::join_paths` => `env::join_paths` * `os::split_paths` => `env::split_paths` * `os::self_exe_name` => `env::current_exe` * `os::self_exe_path` => use `env::current_exe` + `pop` * `os::set_exit_status` => `env::set_exit_status` * `os::get_exit_status` => `env::get_exit_status` * `os::env` => `env::vars` * `os::env_as_bytes` => `env::vars` * `os::getenv` => `env::var` or `env::var_string` * `os::getenv_as_bytes` => `env::var` * `os::setenv` => `env::set_var` * `os::unsetenv` => `env::remove_var` Many function signatures have also been tweaked for various purposes, but the main changes were: * `Vec`-returning APIs now all return iterators instead * All APIs are now centered around `OsString` instead of `Vec<u8>` or `String`. There is currently on convenience API, `env::var_string`, which can be used to get the value of an environment variable as a unicode `String`. All old APIs are `#[deprecated]` in-place and will remain for some time to allow for migrations. The semantics of the APIs have been tweaked slightly with regard to dealing with invalid unicode (panic instead of replacement). The new `std::env` module is all contained within the `env` feature, so crates must add the following to access the new APIs: #![feature(env)] [breaking-change]
2015-01-27 12:20:58 -08:00
use env;
use iter::{IteratorExt};
std: Rename io to old_io In preparation for the I/O rejuvination of the standard library, this commit renames the current `io` module to `old_io` in order to make room for the new I/O modules. It is expected that the I/O RFCs will land incrementally over time instead of all at once, and this provides a fresh clean path for new modules to enter into as well as guaranteeing that all old infrastructure will remain in place for some time. As each `old_io` module is replaced it will be deprecated in-place for new structures in `std::{io, fs, net}` (as appropriate). This commit does *not* leave a reexport of `old_io as io` as the deprecation lint does not currently warn on this form of use. This is quite a large breaking change for all imports in existing code, but all functionality is retained precisely as-is and path statements simply need to be renamed from `io` to `old_io`. [breaking-change]
2015-01-22 16:27:48 -08:00
use old_io::{fs, IoError, IoErrorKind, IoResult};
use old_io;
extra: Put the nail in the coffin, delete libextra This commit shreds all remnants of libextra from the compiler and standard distribution. Two modules, c_vec/tempfile, were moved into libstd after some cleanup, and the other modules were moved to separate crates as seen fit. Closes #8784 Closes #12413 Closes #12576
2014-03-14 11:16:10 -07:00
use ops::Drop;
Utilize fewer reexports In regards to: https://github.com/rust-lang/rust/issues/19253#issuecomment-64836729 This commit: * Changes the #deriving code so that it generates code that utilizes fewer reexports (in particur Option::* and Result::*), which is necessary to remove those reexports in the future * Changes other areas of the codebase so that fewer reexports are utilized
2014-11-28 11:57:41 -05:00
use option::Option::{None, Some};
std: Add a new `env` module This is an implementation of [RFC 578][rfc] which adds a new `std::env` module to replace most of the functionality in the current `std::os` module. More details can be found in the RFC itself, but as a summary the following methods have all been deprecated: [rfc]: https://github.com/rust-lang/rfcs/pull/578 * `os::args_as_bytes` => `env::args` * `os::args` => `env::args` * `os::consts` => `env::consts` * `os::dll_filename` => no replacement, use `env::consts` directly * `os::page_size` => `env::page_size` * `os::make_absolute` => use `env::current_dir` + `join` instead * `os::getcwd` => `env::current_dir` * `os::change_dir` => `env::set_current_dir` * `os::homedir` => `env::home_dir` * `os::tmpdir` => `env::temp_dir` * `os::join_paths` => `env::join_paths` * `os::split_paths` => `env::split_paths` * `os::self_exe_name` => `env::current_exe` * `os::self_exe_path` => use `env::current_exe` + `pop` * `os::set_exit_status` => `env::set_exit_status` * `os::get_exit_status` => `env::get_exit_status` * `os::env` => `env::vars` * `os::env_as_bytes` => `env::vars` * `os::getenv` => `env::var` or `env::var_string` * `os::getenv_as_bytes` => `env::var` * `os::setenv` => `env::set_var` * `os::unsetenv` => `env::remove_var` Many function signatures have also been tweaked for various purposes, but the main changes were: * `Vec`-returning APIs now all return iterators instead * All APIs are now centered around `OsString` instead of `Vec<u8>` or `String`. There is currently on convenience API, `env::var_string`, which can be used to get the value of an environment variable as a unicode `String`. All old APIs are `#[deprecated]` in-place and will remain for some time to allow for migrations. The semantics of the APIs have been tweaked slightly with regard to dealing with invalid unicode (panic instead of replacement). The new `std::env` module is all contained within the `env` feature, so crates must add the following to access the new APIs: #![feature(env)] [breaking-change]
2015-01-27 12:20:58 -08:00
use option::Option;
Rename std::path to std::old_path As part of [RFC 474](https://github.com/rust-lang/rfcs/pull/474), this commit renames `std::path` to `std::old_path`, leaving the existing path API in place to ease migration to the new one. Updating should be as simple as adjusting imports, and the prelude still maps to the old path APIs for now. [breaking-change]
2015-01-29 14:03:36 -08:00
use old_path::{Path, GenericPath};
Make temporary directory names non-deterministic. The previous scheme made it possible for another user/attacker to cause the temporary directory creation scheme to panic. All you needed to know was the pid of the process you wanted to target ('other_pid') and the suffix it was using (let's pretend it's 'sfx') and then code such as this would, in essence, DOS it: for i in range(0u, 1001) { let tp = &Path::new(format!("/tmp/rs-{}-{}-sfx", other_pid, i)); match fs::mkdir(tp, io::USER_RWX) { _ => () } } Since the scheme retried only 1000 times to create a temporary directory before dying, the next time the attacked process called TempDir::new("sfx") after that would typically cause a panic. Of course, you don't necessarily need an attacker to cause such a DOS: creating 1000 temporary directories without closing any of the previous would be enough to DOS yourself. This patch broadly follows the OpenBSD implementation of mkstemp. It uses the operating system's random number generator to produce random directory names that are impractical to guess (and, just in case someone manages to do that, it retries creating the directory for a long time before giving up; OpenBSD retries INT_MAX times, although 1<<31 seems enough to thwart even the most patient attacker). As a small additional change, this patch also makes the argument that TempDir::new takes a prefix rather than a suffix. This is because 1) it more closely matches what mkstemp and friends do 2) if you're going to have a deterministic part of a filename, you really want it at the beginning so that shell completion is useful.
2015-01-03 21:49:01 +00:00
use rand::{Rng, thread_rng};
Utilize fewer reexports In regards to: https://github.com/rust-lang/rust/issues/19253#issuecomment-64836729 This commit: * Changes the #deriving code so that it generates code that utilizes fewer reexports (in particur Option::* and Result::*), which is necessary to remove those reexports in the future * Changes other areas of the codebase so that fewer reexports are utilized
2014-11-28 11:57:41 -05:00
use result::Result::{Ok, Err};
Make temporary directory names non-deterministic. The previous scheme made it possible for another user/attacker to cause the temporary directory creation scheme to panic. All you needed to know was the pid of the process you wanted to target ('other_pid') and the suffix it was using (let's pretend it's 'sfx') and then code such as this would, in essence, DOS it: for i in range(0u, 1001) { let tp = &Path::new(format!("/tmp/rs-{}-{}-sfx", other_pid, i)); match fs::mkdir(tp, io::USER_RWX) { _ => () } } Since the scheme retried only 1000 times to create a temporary directory before dying, the next time the attacked process called TempDir::new("sfx") after that would typically cause a panic. Of course, you don't necessarily need an attacker to cause such a DOS: creating 1000 temporary directories without closing any of the previous would be enough to DOS yourself. This patch broadly follows the OpenBSD implementation of mkstemp. It uses the operating system's random number generator to produce random directory names that are impractical to guess (and, just in case someone manages to do that, it retries creating the directory for a long time before giving up; OpenBSD retries INT_MAX times, although 1<<31 seems enough to thwart even the most patient attacker). As a small additional change, this patch also makes the argument that TempDir::new takes a prefix rather than a suffix. This is because 1) it more closely matches what mkstemp and friends do 2) if you're going to have a deterministic part of a filename, you really want it at the beginning so that shell completion is useful.
2015-01-03 21:49:01 +00:00
use str::StrExt;
use string::String;
std: add fs::mkdir(), rng.gen_str(), tempfile::mkdtemp() Signed-off-by: Elly Jones <elly@leptoquark.net>
2011-11-08 23:35:15 -05:00
extra::tempfile: replace mkdtemp with an RAII wrapper this incidentally stops `make check` from leaving directories in `/tmp`
2013-10-11 15:55:37 +02:00
/// A wrapper for a path to temporary directory implementing automatic
extra: fix spelling in docs.
2013-12-15 16:34:14 +11:00
/// scope-based deletion.
Added example to TempDir
2014-12-16 19:15:05 +01:00
///
/// # Examples
///
Replaced wrapper functions with no_run and as_str().unwrap() with display()
2014-12-17 07:21:29 +01:00
/// ```no_run
std: Rename io to old_io In preparation for the I/O rejuvination of the standard library, this commit renames the current `io` module to `old_io` in order to make room for the new I/O modules. It is expected that the I/O RFCs will land incrementally over time instead of all at once, and this provides a fresh clean path for new modules to enter into as well as guaranteeing that all old infrastructure will remain in place for some time. As each `old_io` module is replaced it will be deprecated in-place for new structures in `std::{io, fs, net}` (as appropriate). This commit does *not* leave a reexport of `old_io as io` as the deprecation lint does not currently warn on this form of use. This is quite a large breaking change for all imports in existing code, but all functionality is retained precisely as-is and path statements simply need to be renamed from `io` to `old_io`. [breaking-change]
2015-01-22 16:27:48 -08:00
/// use std::old_io::TempDir;
Added example to TempDir
2014-12-16 19:15:05 +01:00
///
/// {
/// // create a temporary directory
Make temporary directory names non-deterministic. The previous scheme made it possible for another user/attacker to cause the temporary directory creation scheme to panic. All you needed to know was the pid of the process you wanted to target ('other_pid') and the suffix it was using (let's pretend it's 'sfx') and then code such as this would, in essence, DOS it: for i in range(0u, 1001) { let tp = &Path::new(format!("/tmp/rs-{}-{}-sfx", other_pid, i)); match fs::mkdir(tp, io::USER_RWX) { _ => () } } Since the scheme retried only 1000 times to create a temporary directory before dying, the next time the attacked process called TempDir::new("sfx") after that would typically cause a panic. Of course, you don't necessarily need an attacker to cause such a DOS: creating 1000 temporary directories without closing any of the previous would be enough to DOS yourself. This patch broadly follows the OpenBSD implementation of mkstemp. It uses the operating system's random number generator to produce random directory names that are impractical to guess (and, just in case someone manages to do that, it retries creating the directory for a long time before giving up; OpenBSD retries INT_MAX times, although 1<<31 seems enough to thwart even the most patient attacker). As a small additional change, this patch also makes the argument that TempDir::new takes a prefix rather than a suffix. This is because 1) it more closely matches what mkstemp and friends do 2) if you're going to have a deterministic part of a filename, you really want it at the beginning so that shell completion is useful.
2015-01-03 21:49:01 +00:00
/// let tmpdir = match TempDir::new("myprefix") {
Added example to TempDir
2014-12-16 19:15:05 +01:00
/// Ok(dir) => dir,
/// Err(e) => panic!("couldn't create temporary directory: {}", e)
/// };
///
/// // get the path of the temporary directory without affecting the wrapper
/// let tmppath = tmpdir.path();
///
Replaced wrapper functions with no_run and as_str().unwrap() with display()
2014-12-17 07:21:29 +01:00
/// println!("The path of temporary directory is {}", tmppath.display());
Added example to TempDir
2014-12-16 19:15:05 +01:00
///
/// // the temporary directory is automatically removed when tmpdir goes
/// // out of scope at the end of the block
/// }
/// {
/// // create a temporary directory, this time using a custom path
Make temporary directory names non-deterministic. The previous scheme made it possible for another user/attacker to cause the temporary directory creation scheme to panic. All you needed to know was the pid of the process you wanted to target ('other_pid') and the suffix it was using (let's pretend it's 'sfx') and then code such as this would, in essence, DOS it: for i in range(0u, 1001) { let tp = &Path::new(format!("/tmp/rs-{}-{}-sfx", other_pid, i)); match fs::mkdir(tp, io::USER_RWX) { _ => () } } Since the scheme retried only 1000 times to create a temporary directory before dying, the next time the attacked process called TempDir::new("sfx") after that would typically cause a panic. Of course, you don't necessarily need an attacker to cause such a DOS: creating 1000 temporary directories without closing any of the previous would be enough to DOS yourself. This patch broadly follows the OpenBSD implementation of mkstemp. It uses the operating system's random number generator to produce random directory names that are impractical to guess (and, just in case someone manages to do that, it retries creating the directory for a long time before giving up; OpenBSD retries INT_MAX times, although 1<<31 seems enough to thwart even the most patient attacker). As a small additional change, this patch also makes the argument that TempDir::new takes a prefix rather than a suffix. This is because 1) it more closely matches what mkstemp and friends do 2) if you're going to have a deterministic part of a filename, you really want it at the beginning so that shell completion is useful.
2015-01-03 21:49:01 +00:00
/// let tmpdir = match TempDir::new_in(&Path::new("/tmp/best/custom/path"), "myprefix") {
Added example to TempDir
2014-12-16 19:15:05 +01:00
/// Ok(dir) => dir,
/// Err(e) => panic!("couldn't create temporary directory: {}", e)
/// };
///
/// // get the path of the temporary directory and disable automatic deletion in the wrapper
/// let tmppath = tmpdir.into_inner();
///
Replaced wrapper functions with no_run and as_str().unwrap() with display()
2014-12-17 07:21:29 +01:00
/// println!("The path of the not-so-temporary directory is {}", tmppath.display());
Added example to TempDir
2014-12-16 19:15:05 +01:00
///
/// // the temporary directory is not removed here
/// // because the directory is detached from the wrapper
/// }
/// {
/// // create a temporary directory
Make temporary directory names non-deterministic. The previous scheme made it possible for another user/attacker to cause the temporary directory creation scheme to panic. All you needed to know was the pid of the process you wanted to target ('other_pid') and the suffix it was using (let's pretend it's 'sfx') and then code such as this would, in essence, DOS it: for i in range(0u, 1001) { let tp = &Path::new(format!("/tmp/rs-{}-{}-sfx", other_pid, i)); match fs::mkdir(tp, io::USER_RWX) { _ => () } } Since the scheme retried only 1000 times to create a temporary directory before dying, the next time the attacked process called TempDir::new("sfx") after that would typically cause a panic. Of course, you don't necessarily need an attacker to cause such a DOS: creating 1000 temporary directories without closing any of the previous would be enough to DOS yourself. This patch broadly follows the OpenBSD implementation of mkstemp. It uses the operating system's random number generator to produce random directory names that are impractical to guess (and, just in case someone manages to do that, it retries creating the directory for a long time before giving up; OpenBSD retries INT_MAX times, although 1<<31 seems enough to thwart even the most patient attacker). As a small additional change, this patch also makes the argument that TempDir::new takes a prefix rather than a suffix. This is because 1) it more closely matches what mkstemp and friends do 2) if you're going to have a deterministic part of a filename, you really want it at the beginning so that shell completion is useful.
2015-01-03 21:49:01 +00:00
/// let tmpdir = match TempDir::new("myprefix") {
Added example to TempDir
2014-12-16 19:15:05 +01:00
/// Ok(dir) => dir,
/// Err(e) => panic!("couldn't create temporary directory: {}", e)
/// };
///
/// // close the temporary directory manually and check the result
/// match tmpdir.close() {
/// Ok(_) => println!("success!"),
/// Err(e) => panic!("couldn't remove temporary directory: {}", e)
/// };
/// }
/// ```
extra::tempfile: replace mkdtemp with an RAII wrapper this incidentally stops `make check` from leaving directories in `/tmp`
2013-10-11 15:55:37 +02:00
pub struct TempDir {
std: Modify TempDir to not fail on drop. Closes #12628 After discussion with Alex, we think the proper policy is for dtors to not fail. This is consistent with C++. BufferedWriter already does this, so this patch modifies TempDir to not fail in the dtor, adding a `close` method for handling errors on destruction.
2014-05-14 17:49:14 -07:00
path: Option<Path>,
disarmed: bool
extra::tempfile: replace mkdtemp with an RAII wrapper this incidentally stops `make check` from leaving directories in `/tmp`
2013-10-11 15:55:37 +02:00
}
Make temporary directory names non-deterministic. The previous scheme made it possible for another user/attacker to cause the temporary directory creation scheme to panic. All you needed to know was the pid of the process you wanted to target ('other_pid') and the suffix it was using (let's pretend it's 'sfx') and then code such as this would, in essence, DOS it: for i in range(0u, 1001) { let tp = &Path::new(format!("/tmp/rs-{}-{}-sfx", other_pid, i)); match fs::mkdir(tp, io::USER_RWX) { _ => () } } Since the scheme retried only 1000 times to create a temporary directory before dying, the next time the attacked process called TempDir::new("sfx") after that would typically cause a panic. Of course, you don't necessarily need an attacker to cause such a DOS: creating 1000 temporary directories without closing any of the previous would be enough to DOS yourself. This patch broadly follows the OpenBSD implementation of mkstemp. It uses the operating system's random number generator to produce random directory names that are impractical to guess (and, just in case someone manages to do that, it retries creating the directory for a long time before giving up; OpenBSD retries INT_MAX times, although 1<<31 seems enough to thwart even the most patient attacker). As a small additional change, this patch also makes the argument that TempDir::new takes a prefix rather than a suffix. This is because 1) it more closely matches what mkstemp and friends do 2) if you're going to have a deterministic part of a filename, you really want it at the beginning so that shell completion is useful.
2015-01-03 21:49:01 +00:00
// How many times should we (re)try finding an unused random name? It should be
// enough that an attacker will run out of luck before we run out of patience.
const NUM_RETRIES: u32 = 1 << 31;
// How many characters should we include in a random file name? It needs to
// be enough to dissuade an attacker from trying to preemptively create names
// of that length, but not so huge that we unnecessarily drain the random number
// generator of entropy.
const NUM_RAND_CHARS: uint = 12;
extra::tempfile: replace mkdtemp with an RAII wrapper this incidentally stops `make check` from leaving directories in `/tmp`
2013-10-11 15:55:37 +02:00
impl TempDir {
/// Attempts to make a temporary directory inside of `tmpdir` whose name
Make temporary directory names non-deterministic. The previous scheme made it possible for another user/attacker to cause the temporary directory creation scheme to panic. All you needed to know was the pid of the process you wanted to target ('other_pid') and the suffix it was using (let's pretend it's 'sfx') and then code such as this would, in essence, DOS it: for i in range(0u, 1001) { let tp = &Path::new(format!("/tmp/rs-{}-{}-sfx", other_pid, i)); match fs::mkdir(tp, io::USER_RWX) { _ => () } } Since the scheme retried only 1000 times to create a temporary directory before dying, the next time the attacked process called TempDir::new("sfx") after that would typically cause a panic. Of course, you don't necessarily need an attacker to cause such a DOS: creating 1000 temporary directories without closing any of the previous would be enough to DOS yourself. This patch broadly follows the OpenBSD implementation of mkstemp. It uses the operating system's random number generator to produce random directory names that are impractical to guess (and, just in case someone manages to do that, it retries creating the directory for a long time before giving up; OpenBSD retries INT_MAX times, although 1<<31 seems enough to thwart even the most patient attacker). As a small additional change, this patch also makes the argument that TempDir::new takes a prefix rather than a suffix. This is because 1) it more closely matches what mkstemp and friends do 2) if you're going to have a deterministic part of a filename, you really want it at the beginning so that shell completion is useful.
2015-01-03 21:49:01 +00:00
/// will have the prefix `prefix`. The directory will be automatically
extra::tempfile: replace mkdtemp with an RAII wrapper this incidentally stops `make check` from leaving directories in `/tmp`
2013-10-11 15:55:37 +02:00
/// deleted once the returned wrapper is destroyed.
///
Have std::io::TempDir::new and new_in return IoResult This allows using `try!()` [breaking-change] Fixes #16875
2014-08-30 13:12:47 +01:00
/// If no directory can be created, `Err` is returned.
Make temporary directory names non-deterministic. The previous scheme made it possible for another user/attacker to cause the temporary directory creation scheme to panic. All you needed to know was the pid of the process you wanted to target ('other_pid') and the suffix it was using (let's pretend it's 'sfx') and then code such as this would, in essence, DOS it: for i in range(0u, 1001) { let tp = &Path::new(format!("/tmp/rs-{}-{}-sfx", other_pid, i)); match fs::mkdir(tp, io::USER_RWX) { _ => () } } Since the scheme retried only 1000 times to create a temporary directory before dying, the next time the attacked process called TempDir::new("sfx") after that would typically cause a panic. Of course, you don't necessarily need an attacker to cause such a DOS: creating 1000 temporary directories without closing any of the previous would be enough to DOS yourself. This patch broadly follows the OpenBSD implementation of mkstemp. It uses the operating system's random number generator to produce random directory names that are impractical to guess (and, just in case someone manages to do that, it retries creating the directory for a long time before giving up; OpenBSD retries INT_MAX times, although 1<<31 seems enough to thwart even the most patient attacker). As a small additional change, this patch also makes the argument that TempDir::new takes a prefix rather than a suffix. This is because 1) it more closely matches what mkstemp and friends do 2) if you're going to have a deterministic part of a filename, you really want it at the beginning so that shell completion is useful.
2015-01-03 21:49:01 +00:00
pub fn new_in(tmpdir: &Path, prefix: &str) -> IoResult<TempDir> {
extra::tempfile: replace mkdtemp with an RAII wrapper this incidentally stops `make check` from leaving directories in `/tmp`
2013-10-11 15:55:37 +02:00
if !tmpdir.is_absolute() {
std: Add a new `env` module This is an implementation of [RFC 578][rfc] which adds a new `std::env` module to replace most of the functionality in the current `std::os` module. More details can be found in the RFC itself, but as a summary the following methods have all been deprecated: [rfc]: https://github.com/rust-lang/rfcs/pull/578 * `os::args_as_bytes` => `env::args` * `os::args` => `env::args` * `os::consts` => `env::consts` * `os::dll_filename` => no replacement, use `env::consts` directly * `os::page_size` => `env::page_size` * `os::make_absolute` => use `env::current_dir` + `join` instead * `os::getcwd` => `env::current_dir` * `os::change_dir` => `env::set_current_dir` * `os::homedir` => `env::home_dir` * `os::tmpdir` => `env::temp_dir` * `os::join_paths` => `env::join_paths` * `os::split_paths` => `env::split_paths` * `os::self_exe_name` => `env::current_exe` * `os::self_exe_path` => use `env::current_exe` + `pop` * `os::set_exit_status` => `env::set_exit_status` * `os::get_exit_status` => `env::get_exit_status` * `os::env` => `env::vars` * `os::env_as_bytes` => `env::vars` * `os::getenv` => `env::var` or `env::var_string` * `os::getenv_as_bytes` => `env::var` * `os::setenv` => `env::set_var` * `os::unsetenv` => `env::remove_var` Many function signatures have also been tweaked for various purposes, but the main changes were: * `Vec`-returning APIs now all return iterators instead * All APIs are now centered around `OsString` instead of `Vec<u8>` or `String`. There is currently on convenience API, `env::var_string`, which can be used to get the value of an environment variable as a unicode `String`. All old APIs are `#[deprecated]` in-place and will remain for some time to allow for migrations. The semantics of the APIs have been tweaked slightly with regard to dealing with invalid unicode (panic instead of replacement). The new `std::env` module is all contained within the `env` feature, so crates must add the following to access the new APIs: #![feature(env)] [breaking-change]
2015-01-27 12:20:58 -08:00
let cur_dir = try!(env::current_dir());
return TempDir::new_in(&cur_dir.join(tmpdir), prefix);
extra::tempfile: replace mkdtemp with an RAII wrapper this incidentally stops `make check` from leaving directories in `/tmp`
2013-10-11 15:55:37 +02:00
}
Make temporary directory names non-deterministic. The previous scheme made it possible for another user/attacker to cause the temporary directory creation scheme to panic. All you needed to know was the pid of the process you wanted to target ('other_pid') and the suffix it was using (let's pretend it's 'sfx') and then code such as this would, in essence, DOS it: for i in range(0u, 1001) { let tp = &Path::new(format!("/tmp/rs-{}-{}-sfx", other_pid, i)); match fs::mkdir(tp, io::USER_RWX) { _ => () } } Since the scheme retried only 1000 times to create a temporary directory before dying, the next time the attacked process called TempDir::new("sfx") after that would typically cause a panic. Of course, you don't necessarily need an attacker to cause such a DOS: creating 1000 temporary directories without closing any of the previous would be enough to DOS yourself. This patch broadly follows the OpenBSD implementation of mkstemp. It uses the operating system's random number generator to produce random directory names that are impractical to guess (and, just in case someone manages to do that, it retries creating the directory for a long time before giving up; OpenBSD retries INT_MAX times, although 1<<31 seems enough to thwart even the most patient attacker). As a small additional change, this patch also makes the argument that TempDir::new takes a prefix rather than a suffix. This is because 1) it more closely matches what mkstemp and friends do 2) if you're going to have a deterministic part of a filename, you really want it at the beginning so that shell completion is useful.
2015-01-03 21:49:01 +00:00
let mut rng = thread_rng();
`for x in range(a, b)` -> `for x in a..b` sed -i 's/in range(\([^,]*\), *\([^()]*\))/in \1\.\.\2/g' **/*.rs
2015-01-26 15:46:12 -05:00
for _ in 0..NUM_RETRIES {
Make temporary directory names non-deterministic. The previous scheme made it possible for another user/attacker to cause the temporary directory creation scheme to panic. All you needed to know was the pid of the process you wanted to target ('other_pid') and the suffix it was using (let's pretend it's 'sfx') and then code such as this would, in essence, DOS it: for i in range(0u, 1001) { let tp = &Path::new(format!("/tmp/rs-{}-{}-sfx", other_pid, i)); match fs::mkdir(tp, io::USER_RWX) { _ => () } } Since the scheme retried only 1000 times to create a temporary directory before dying, the next time the attacked process called TempDir::new("sfx") after that would typically cause a panic. Of course, you don't necessarily need an attacker to cause such a DOS: creating 1000 temporary directories without closing any of the previous would be enough to DOS yourself. This patch broadly follows the OpenBSD implementation of mkstemp. It uses the operating system's random number generator to produce random directory names that are impractical to guess (and, just in case someone manages to do that, it retries creating the directory for a long time before giving up; OpenBSD retries INT_MAX times, although 1<<31 seems enough to thwart even the most patient attacker). As a small additional change, this patch also makes the argument that TempDir::new takes a prefix rather than a suffix. This is because 1) it more closely matches what mkstemp and friends do 2) if you're going to have a deterministic part of a filename, you really want it at the beginning so that shell completion is useful.
2015-01-03 21:49:01 +00:00
let suffix: String = rng.gen_ascii_chars().take(NUM_RAND_CHARS).collect();
let leaf = if prefix.len() > 0 {
format!("{}.{}", prefix, suffix)
} else {
// If we're given an empty string for a prefix, then creating a
// directory starting with "." would lead to it being
// semi-invisible on some systems.
suffix
};
let path = tmpdir.join(leaf);
std: Rename io to old_io In preparation for the I/O rejuvination of the standard library, this commit renames the current `io` module to `old_io` in order to make room for the new I/O modules. It is expected that the I/O RFCs will land incrementally over time instead of all at once, and this provides a fresh clean path for new modules to enter into as well as guaranteeing that all old infrastructure will remain in place for some time. As each `old_io` module is replaced it will be deprecated in-place for new structures in `std::{io, fs, net}` (as appropriate). This commit does *not* leave a reexport of `old_io as io` as the deprecation lint does not currently warn on this form of use. This is quite a large breaking change for all imports in existing code, but all functionality is retained precisely as-is and path statements simply need to be renamed from `io` to `old_io`. [breaking-change]
2015-01-22 16:27:48 -08:00
match fs::mkdir(&path, old_io::USER_RWX) {
Make temporary directory names non-deterministic. The previous scheme made it possible for another user/attacker to cause the temporary directory creation scheme to panic. All you needed to know was the pid of the process you wanted to target ('other_pid') and the suffix it was using (let's pretend it's 'sfx') and then code such as this would, in essence, DOS it: for i in range(0u, 1001) { let tp = &Path::new(format!("/tmp/rs-{}-{}-sfx", other_pid, i)); match fs::mkdir(tp, io::USER_RWX) { _ => () } } Since the scheme retried only 1000 times to create a temporary directory before dying, the next time the attacked process called TempDir::new("sfx") after that would typically cause a panic. Of course, you don't necessarily need an attacker to cause such a DOS: creating 1000 temporary directories without closing any of the previous would be enough to DOS yourself. This patch broadly follows the OpenBSD implementation of mkstemp. It uses the operating system's random number generator to produce random directory names that are impractical to guess (and, just in case someone manages to do that, it retries creating the directory for a long time before giving up; OpenBSD retries INT_MAX times, although 1<<31 seems enough to thwart even the most patient attacker). As a small additional change, this patch also makes the argument that TempDir::new takes a prefix rather than a suffix. This is because 1) it more closely matches what mkstemp and friends do 2) if you're going to have a deterministic part of a filename, you really want it at the beginning so that shell completion is useful.
2015-01-03 21:49:01 +00:00
Ok(_) => return Ok(TempDir { path: Some(path), disarmed: false }),
Err(IoError{kind:IoErrorKind::PathAlreadyExists,..}) => (),
Err(e) => return Err(e)
extra::tempfile: replace mkdtemp with an RAII wrapper this incidentally stops `make check` from leaving directories in `/tmp`
2013-10-11 15:55:37 +02:00
}
}
Make temporary directory names non-deterministic. The previous scheme made it possible for another user/attacker to cause the temporary directory creation scheme to panic. All you needed to know was the pid of the process you wanted to target ('other_pid') and the suffix it was using (let's pretend it's 'sfx') and then code such as this would, in essence, DOS it: for i in range(0u, 1001) { let tp = &Path::new(format!("/tmp/rs-{}-{}-sfx", other_pid, i)); match fs::mkdir(tp, io::USER_RWX) { _ => () } } Since the scheme retried only 1000 times to create a temporary directory before dying, the next time the attacked process called TempDir::new("sfx") after that would typically cause a panic. Of course, you don't necessarily need an attacker to cause such a DOS: creating 1000 temporary directories without closing any of the previous would be enough to DOS yourself. This patch broadly follows the OpenBSD implementation of mkstemp. It uses the operating system's random number generator to produce random directory names that are impractical to guess (and, just in case someone manages to do that, it retries creating the directory for a long time before giving up; OpenBSD retries INT_MAX times, although 1<<31 seems enough to thwart even the most patient attacker). As a small additional change, this patch also makes the argument that TempDir::new takes a prefix rather than a suffix. This is because 1) it more closely matches what mkstemp and friends do 2) if you're going to have a deterministic part of a filename, you really want it at the beginning so that shell completion is useful.
2015-01-03 21:49:01 +00:00
return Err(IoError{
kind: IoErrorKind::PathAlreadyExists,
desc:"Exhausted",
detail: None});
extra::tempfile: replace mkdtemp with an RAII wrapper this incidentally stops `make check` from leaving directories in `/tmp`
2013-10-11 15:55:37 +02:00
}
/// Attempts to make a temporary directory inside of `os::tmpdir()` whose
Make temporary directory names non-deterministic. The previous scheme made it possible for another user/attacker to cause the temporary directory creation scheme to panic. All you needed to know was the pid of the process you wanted to target ('other_pid') and the suffix it was using (let's pretend it's 'sfx') and then code such as this would, in essence, DOS it: for i in range(0u, 1001) { let tp = &Path::new(format!("/tmp/rs-{}-{}-sfx", other_pid, i)); match fs::mkdir(tp, io::USER_RWX) { _ => () } } Since the scheme retried only 1000 times to create a temporary directory before dying, the next time the attacked process called TempDir::new("sfx") after that would typically cause a panic. Of course, you don't necessarily need an attacker to cause such a DOS: creating 1000 temporary directories without closing any of the previous would be enough to DOS yourself. This patch broadly follows the OpenBSD implementation of mkstemp. It uses the operating system's random number generator to produce random directory names that are impractical to guess (and, just in case someone manages to do that, it retries creating the directory for a long time before giving up; OpenBSD retries INT_MAX times, although 1<<31 seems enough to thwart even the most patient attacker). As a small additional change, this patch also makes the argument that TempDir::new takes a prefix rather than a suffix. This is because 1) it more closely matches what mkstemp and friends do 2) if you're going to have a deterministic part of a filename, you really want it at the beginning so that shell completion is useful.
2015-01-03 21:49:01 +00:00
/// name will have the prefix `prefix`. The directory will be automatically
extra::tempfile: replace mkdtemp with an RAII wrapper this incidentally stops `make check` from leaving directories in `/tmp`
2013-10-11 15:55:37 +02:00
/// deleted once the returned wrapper is destroyed.
///
Have std::io::TempDir::new and new_in return IoResult This allows using `try!()` [breaking-change] Fixes #16875
2014-08-30 13:12:47 +01:00
/// If no directory can be created, `Err` is returned.
Make temporary directory names non-deterministic. The previous scheme made it possible for another user/attacker to cause the temporary directory creation scheme to panic. All you needed to know was the pid of the process you wanted to target ('other_pid') and the suffix it was using (let's pretend it's 'sfx') and then code such as this would, in essence, DOS it: for i in range(0u, 1001) { let tp = &Path::new(format!("/tmp/rs-{}-{}-sfx", other_pid, i)); match fs::mkdir(tp, io::USER_RWX) { _ => () } } Since the scheme retried only 1000 times to create a temporary directory before dying, the next time the attacked process called TempDir::new("sfx") after that would typically cause a panic. Of course, you don't necessarily need an attacker to cause such a DOS: creating 1000 temporary directories without closing any of the previous would be enough to DOS yourself. This patch broadly follows the OpenBSD implementation of mkstemp. It uses the operating system's random number generator to produce random directory names that are impractical to guess (and, just in case someone manages to do that, it retries creating the directory for a long time before giving up; OpenBSD retries INT_MAX times, although 1<<31 seems enough to thwart even the most patient attacker). As a small additional change, this patch also makes the argument that TempDir::new takes a prefix rather than a suffix. This is because 1) it more closely matches what mkstemp and friends do 2) if you're going to have a deterministic part of a filename, you really want it at the beginning so that shell completion is useful.
2015-01-03 21:49:01 +00:00
pub fn new(prefix: &str) -> IoResult<TempDir> {
std: Add a new `env` module This is an implementation of [RFC 578][rfc] which adds a new `std::env` module to replace most of the functionality in the current `std::os` module. More details can be found in the RFC itself, but as a summary the following methods have all been deprecated: [rfc]: https://github.com/rust-lang/rfcs/pull/578 * `os::args_as_bytes` => `env::args` * `os::args` => `env::args` * `os::consts` => `env::consts` * `os::dll_filename` => no replacement, use `env::consts` directly * `os::page_size` => `env::page_size` * `os::make_absolute` => use `env::current_dir` + `join` instead * `os::getcwd` => `env::current_dir` * `os::change_dir` => `env::set_current_dir` * `os::homedir` => `env::home_dir` * `os::tmpdir` => `env::temp_dir` * `os::join_paths` => `env::join_paths` * `os::split_paths` => `env::split_paths` * `os::self_exe_name` => `env::current_exe` * `os::self_exe_path` => use `env::current_exe` + `pop` * `os::set_exit_status` => `env::set_exit_status` * `os::get_exit_status` => `env::get_exit_status` * `os::env` => `env::vars` * `os::env_as_bytes` => `env::vars` * `os::getenv` => `env::var` or `env::var_string` * `os::getenv_as_bytes` => `env::var` * `os::setenv` => `env::set_var` * `os::unsetenv` => `env::remove_var` Many function signatures have also been tweaked for various purposes, but the main changes were: * `Vec`-returning APIs now all return iterators instead * All APIs are now centered around `OsString` instead of `Vec<u8>` or `String`. There is currently on convenience API, `env::var_string`, which can be used to get the value of an environment variable as a unicode `String`. All old APIs are `#[deprecated]` in-place and will remain for some time to allow for migrations. The semantics of the APIs have been tweaked slightly with regard to dealing with invalid unicode (panic instead of replacement). The new `std::env` module is all contained within the `env` feature, so crates must add the following to access the new APIs: #![feature(env)] [breaking-change]
2015-01-27 12:20:58 -08:00
TempDir::new_in(&env::temp_dir(), prefix)
extra::tempfile: replace mkdtemp with an RAII wrapper this incidentally stops `make check` from leaving directories in `/tmp`
2013-10-11 15:55:37 +02:00
}
/// Unwrap the wrapped `std::path::Path` from the `TempDir` wrapper.
/// This discards the wrapper so that the automatic deletion of the
/// temporary directory is prevented.
Rename unwrap functions to into_inner This change applies the conventions to unwrap listed in [RFC 430][rfc] to rename non-failing `unwrap` methods to `into_inner`. This is a breaking change, but all `unwrap` methods are retained as `#[deprecated]` for the near future. To update code rename `unwrap` method calls to `into_inner`. [rfc]: https://github.com/rust-lang/rfcs/pull/430 [breaking-change] Closes #13159 cc #19091
2014-11-20 09:23:43 -08:00
pub fn into_inner(self) -> Path {
extra::tempfile: replace mkdtemp with an RAII wrapper this incidentally stops `make check` from leaving directories in `/tmp`
2013-10-11 15:55:37 +02:00
let mut tmpdir = self;
Fallout from stabilizing core::option
2014-08-18 17:52:38 -07:00
tmpdir.path.take().unwrap()
extra::tempfile: replace mkdtemp with an RAII wrapper this incidentally stops `make check` from leaving directories in `/tmp`
2013-10-11 15:55:37 +02:00
}
/// Access the wrapped `std::path::Path` to the temporary directory.
pub fn path<'a>(&'a self) -> &'a Path {
Remove #[allow(deprecated)] from libstd
2014-09-17 10:47:05 -07:00
self.path.as_ref().unwrap()
extra::tempfile: replace mkdtemp with an RAII wrapper this incidentally stops `make check` from leaving directories in `/tmp`
2013-10-11 15:55:37 +02:00
}
std: Modify TempDir to not fail on drop. Closes #12628 After discussion with Alex, we think the proper policy is for dtors to not fail. This is consistent with C++. BufferedWriter already does this, so this patch modifies TempDir to not fail in the dtor, adding a `close` method for handling errors on destruction.
2014-05-14 17:49:14 -07:00
/// Close and remove the temporary directory
///
/// Although `TempDir` removes the directory on drop, in the destructor
/// any errors are ignored. To detect errors cleaning up the temporary
/// directory, call `close` instead.
pub fn close(mut self) -> IoResult<()> {
self.cleanup_dir()
}
fn cleanup_dir(&mut self) -> IoResult<()> {
assert!(!self.disarmed);
self.disarmed = true;
match self.path {
Some(ref p) => {
fs::rmdir_recursive(p)
}
None => Ok(())
}
}
extra::tempfile: replace mkdtemp with an RAII wrapper this incidentally stops `make check` from leaving directories in `/tmp`
2013-10-11 15:55:37 +02:00
}
impl Drop for TempDir {
fn drop(&mut self) {
std: Modify TempDir to not fail on drop. Closes #12628 After discussion with Alex, we think the proper policy is for dtors to not fail. This is consistent with C++. BufferedWriter already does this, so this patch modifies TempDir to not fail in the dtor, adding a `close` method for handling errors on destruction.
2014-05-14 17:49:14 -07:00
if !self.disarmed {
let _ = self.cleanup_dir();
std: add fs::mkdir(), rng.gen_str(), tempfile::mkdtemp() Signed-off-by: Elly Jones <elly@leptoquark.net>
2011-11-08 23:35:15 -05:00
}
}
}
libstd: Move std tests into libstd
2012-01-17 19:05:07 -08:00
Remove all usage of change_dir_locked While usage of change_dir_locked is synchronized against itself, it's not synchronized against other relative path usage, so I'm of the opinion that it just really doesn't help in running tests. In order to prevent the problems that have been cropping up, this completely removes the function. All existing tests (except one) using it have been moved to run-pass tests where they get their own process and don't need to be synchronized with anyone else. There is one now-ignored rustpkg test because when I moved it to a run-pass test apparently run-pass isn't set up to have 'extern mod rustc' (it ends up having linkage failures).
2013-09-13 21:41:28 -07:00
// the tests for this module need to change the path using change_dir,
// and this doesn't play nicely with other tests so these unit tests are located
// in src/test/run-pass/tempfile.rs
Reference in New Issue Copy Permalink